In order to securely perform Internet communications between a Web server and a Web browser, SSL (Secure Socket Layer) using PKI (Public Key Infrastructure) has been put to practical use. In a communication system in which the SSL has been introduced, since an encryption process is performed by using a server certificate (SSL certificate) issued by a certificate authority (CA) which is a trusted third-party authority, spoofing, tamper, sniffing and the like are prevented and more secure Internet communications are assured.
When an application for the issuance of the certificate is made, a key pair of a public key and a private key is generated using a certificate issuance application function incorporated into the Web server or the Web browser. Subsequently, a Certificate Signing Request file (CSR) containing the public key is generated, and the issuance request of the server certificate is made by transmitting the generated CSR to the registration server. The registration server which has received the issuance request of the server certificate performs a verifying process for the user authentication and transmits the CSR to the certificate issuing authority, after the authenticity of the user who made the issuance request of the server certificate is confirmed. The certificate issuing authority performs digitally signing the public key contained in the signing request file to generate the server certificate and transmits the generated server certificate to the registration server. And then, the registration server informs the user that the server certificate is downloadable to the Web server.
When the certificate authority issues the server certificate, identification of a person requesting the issuance of the server certificate is important. As an identification method, a server certificate issuing system using domain validation has been put to practical use (for example, see Japanese Patent Laid-Open No. 2005-506737). In this known identification method, when the issuance of a server certificate is requested, the registration server accesses a database of a domain registration server (Whois information) to contact an approver having an authority to approve the issuance of the server certificate for the relevant Web server. Using communicating means such as telephone, e-mails or the like, whether or not the certificate request is approved is verified, and only if the approval from the approver is obtained, the certificate is issued.